EU GDPR compliance still a thing for UK firms even after Brexit

Leaving doesn't get you out of commitments

BREXIT Many UK businesses will still face the burden of complying with recently introduced EU data protection rules even after Thursday's historic Brexit vote.

UK businesses will be subject to the upcoming GDPR (General Data Protection Regulation), which comes into effect in April 2018, regardless of the EU Referendum result, according to security experts. That's because most every data processing business is international, and GDPR will apply to all firms handling data on EU citizens, even if the country where a supplier is based is outside the EU, such as Switzerland.

"The need in the UK to comply with the EU's GDPR will remain the same, as we can expect UK businesses to continue handling EU citizen data," said Dr Adrian Davis, European MD at cybersecurity training and certification body (ISC)2.

"The work we do as a profession already ensures that the standards and practices required to face them account for differences in markets and regulatory expectations."

Alan Duric, CTO and founder of security comms app Wire, said: "In a similar vein to Norway and Switzerland's relationship with the EU, if the UK is to continue to access EU citizens' data, then the same regulations would have to be met regardless of the UK's membership status. Adhering to EU standards would not only enable the free flow of data to continue, but would protect people's right to privacy and therefore is a decision to be embraced."

Jason Hart, CTO data protection at smart chip firm Gemalto, added: "With just a day to go until the EU referendum, UK businesses need to be aware they are still on the same two-year timeline for the upcoming GDPR. UK organisations that are dealing with the data of EU customers and companies will have to ensure that they're fully complaint with the regulation or face fines as a result."

"Two years may seem like a long time, but boardrooms need to evaluate their compliance practices now in order to know what changes they need to implement in time. Any concerns around the time or cost it takes to incorporate security protection should be eased. Installing protocols, such as encryption and two-factor authentication, has never been simpler, and is becoming the standard expected by consumers and businesses," he added. ®